1 # tdsbind -u drct01
2 Enter LDAP password:
3 LdapGroupBaseFQDN: ou=groups,dc=domain1,dc=com
4 LdapUserBaseFQDN:
5 LdapSystemFQDN: ou=system1,ou=tdat,dc=domain1,dc=com
6 LdapServerName: _ldap._tcp.domain1.com
7 LdapServerPort: 389
8 LdapClientUseTls: yes
9 LdapClientTlsCACert: /opt/teradata/tdgss/site/certs/ server.pem
10 LdapClientTlsReqCert: demand
11 LdapClientMechanism: simple
12 LdapServiceFQDN: cn=dbssvc,ou=services,dc=domain1,dc=com
13 LdapServicePasswordProtected: yes
14 LdapServicePassword: configured
15 LdapServiceBindRequired: yes
15 LdapClientTlsCRLCheck: none
16 LdapAllowUnsafeServerConnect: yes
17 UseLdapConfig: yes
18 AuthorizationSupported: yes
19
20 FQDN: uid=drct01,ou=principals,dc=domain1,dc=com
21 AuthUser: ldap://dsa1.domain1.com:389/uid=drct01, ou=principals,dc=domain1,dc=com
22 DatabaseName: drct01
23 Service: domain1
24 Profiles: profile1
25 Roles: extrole01, extrole02, extrole03
The table explains the example:
| Line Number | Description |
|---|---|
| tdsbind Input | |
| 1 tdsbind -u drct01 | Requests that LDAP authenticate directory user drct01. |
| 2 Enter LDAP password | The example does not specify the -w option (user password) so tdsbind prompts for a password. The user running the command enters the password, and then presses the Enter key. |
|
tdsbind Output
Where a line of output is the value of an LDAP property, tdsbind uses the currently configured value for the corresponding property. If the tdsbind command uses a variable that corresponds to an LDAP property (for example, -B, -S, and -h, or a -O list), the command line value overrides the configured value.
|
|
| 3 LdapGroupBaseFQDN: ou=groups,dc=domain1,dc=com | The FQDN of the group object when directory groups are mapped to Teradata Vantage roles. |
| 4 LdapUserBaseFQDN | The FQDN of a directory object that contains user objects. |
| 5 LdapSystemFQDN: ou=system,ou=Standard Systems,dc=domain1,dc=com | The FQDN of the tdatSystem object that is the parent of the structure used for LDAP user authorization |
| 6 LdapServerName: _ldap._tcp.domain1.com | The name of the LDAP directory server. |
| 7 LdapServerPort: 389 | The tdsbind command sets the LDAP server port (-p) to the default. When the command contains a value, it override the default. Separate specification of the LDAP server port is deprecated and should not be used. Instead, you can include the port designation as part of specifying the LDAPServerName value. See LdapServerName.
|
| 8 LdapClientUseTls: yes | By default, tdsbind uses the value configured for the corresponding LDAPClientUseTls mechanism property. The yes value indicates that TLS is used to establish the connection to the directory server. |
| 9 LdapClientTlsCACert:/opt/teradata/tdgss/site/certs/server.pem | Identifies a file containing the directory server CA certificate. |
| 10 LdapClientTlsReqCert: demand | Specifies what checks the system performs on directory server certificates (if any), in a TLS-protected session. Demand specifies that Vantage asks the directory server for a certificate. If it does not provide a certificate, or if it provides an invalid certificate, the connection terminates. |
| 11 LdapClientMechanism: simple | The LDAP binding style enabled on the system. |
| 12 LdapServiceFQDN: cn=dbssvc,ou=services,dc=domain1,dc=com | The DN of a bindable object in the directory, which represents the service or application that requires binding. |
| 13 LdapServicePasswordProtected: yes | Indicates whether the password for the service bind was stored in encrypted form during configuration. |
| 14 LdapServicePassword: configured | The password for the service bind, if required |
| 15 LdapServiceBindRequired: yes | Indicates whether LDAP requires the service, that is Teradata Vantage, must authenticate itself to the directory |
| 16 LdapClientTlsCRLCheck: none | Indicates how the authentication mechanism should use the Certificate Revocation List (CRL) of the CA to verify that the server certificates are not revoked. None specifies that no checks are performed. |
| 17 LdapAllowUnsafeServerConnect: yes | Indicates whether Vantage is allowed to operate with a directory server running software that does not support IETF RFC 5746-compliant connections. |
| 18 UseLdapConfig: yes | Indicates whether TDGSS uses mechanism properties configured in the alternate <LdapConfig> section rather than the base mechanism property values. |
| 19 AuthorizationSupported: yes | Determines whether the LDAP user is authorized database privileges in the directory. |
| 20 | Not applicable |
| 21 FQDN: uid=drct01,ou=principals,dc=domain1,dc=com | The directory user FQDN. If the bind operation is successful, the output displays the FQDN. If the bind operation was unsuccessful, an error message appears at this point and tdsbind exits |
| 22 AuthUser: ldap://dsa1.domain1.com:389/uid=dirUser1,ou=principals,dc=domain1,dc=com | The directory user global unique identifier (GUID), if the directory supports GUIDs |
| 23 DatabaseName: dirUser1 | The AuditTrailId for the directory user. The name of the user after rewriting it based on the configuration in the <Canonicalization> section of the <LdapConfig>. |
| 24 Service: local | The name of the service that authenticated the user. This field is blank if the mechanism authorizes the user. |
| 25 Profiles: profxu1 | The value for this attribute appears only if the directory user is mapped to one or more profiles. |
| 26 Roles: extrole01xu1, extrole02xu1, extrole03xu1 | The value for this attribute appears only if the group that contains the directory user is mapped to one or more roles. |
| 27 Users: perm01 | The database user object to which the directory principal is mapped. |